Intelligence sharing and the danger of leaks

In the aftermath of September 11th, US spy services were reprimanded for failing to cross-reference their intelligence information. That led to the creation of the Secret Internet Protocol Router Network or SIPRnet. But this �secure� network has suffered one of the biggest information leaks. The World's Clark Boyd reports. The leaked files came from the Secret Internet Protocol Router Network, or SIPRnet. SIPRnet functions just like the Internet � you can browse websites, send and receive emails, and so on. But it uses its own dedicated and encrypted lines, according to the Pentagon. SIPRnet first came online in 1994. It was meant to be mainly a military system for command and control. And then the September 11th attacks happened. �There was a call, by everybody, particularly congress and a demand that there was going to have to be more sharing of information�, says Catherine Lotrionte, associate director of the Institute for Law, Science and Global Security at Georgetown University. �That call was based upon conclusions from the investigators and congress that if we had had more information sharing, we would have been better at foreseeing attacks such as 9/11�. And so access to SIPRnet was opened up, in the hopes of producing better intelligence. It's thought that up to 3 million people might have the clearance to access SIPRnet. More than 250 embassies now have access � which is why there were so many diplomatic cables on the system. Michael Tanji is a former supervisory intelligence officer at the Defence Intelligence Agency. He says increased access to SIPRnet has mostly been a good thing. �The more good, valuable information you have, the better your decision making process. But the flip side of that coin, as we see with recent events, the more information you put out, and the less control you have over that, the more possibility that someone could misuse that�, he says. Yesterday, a State Department spokesman said �someone within the United States government had access to this information, downloaded it, and provided it to parties outside the United States.� The spokesman wouldn't confirm if he was talking about Private Bradley Manning. Manning claimed to have downloaded the cables, along with tens of thousands of other sensitive documents, from a SIPRnet machine in Iraq � where he was stationed. In an online chat with a former US hacker, Manning said he then sent the information on to WikiLeaks. The hacker later turned Manning in to authorities. He's currently under arrest in a US detention facility. What's striking about reading the online chat is how easy it was, according to Manning, to access these files. He took a blank, write-able disc, stuck it into the computer with access, downloaded the information, and walked out with the disc falsely labelled as a �Lady GaGa� CD. James Lewis is a senior fellow at the Center for Strategic and International Studies in Washington. He wonders why there weren't better safeguards. �If someone's downloading 250,000 files, you can set up your network so it alerts you. Why didn't we have those alerts in place?� A big problem is that those who want to protect valuable information have to choose between keeping that information secure � and sharing it with those who might need to know. Finding the right balance may take time. Former intelligence officer Michael Tanji is worried that officials will abandon the SIPRnet system. He says it's been a huge help in the past, giving government agencies access to other viewpoints and methods � and of course allowing them to share information. �And situations like this don't help that. You start locking things down, you don't know who is working on issues, you go back to working in a bubble, and that really doesn't help anyone�. The Obama Administration says it is looking at ways to quickly improve computer security in the wake of this latest document leak. The White House's Office of Management and Budget has ordered federal agencies to �ensure that users do not have broader access than is necessary to do their jobs effectively.� There must also be limits, the memo said, on what types of removable media, USB sticks and CD-ROMs, can be used on classified computer networks.